Apple users need to be aware of an ongoing phishing campaign that appears to be ramping up efforts the past couple days. Scammers have found a clever way to generate phishing websites – and they’re after your Apple ID and password.
Suppose you’re using your Mac, and suddenly the Mail app opens and shows a password request because of a failure with your iCloud account.
In fact, a similar event happened earlier this year, when Handbrake was hacked to install the Proton malware. The malicious copy of Handbrake ended up requesting the login password in such a way that even experts fell for it, such as a developer for the well-respected Panic, Inc.We have become accustomed to such password requests as a part of our daily life, so when we see them, we tend to just enter the password without thinking about it.
Instead of seeking fixes for something that can’t be fixed, we need to focus on changing our own behaviors. Every password request should always be viewed with suspicion, no matter the source. If Mail pops open and a window appears asking for a password, that doesn’t mean it’s actually Mail doing the asking.
Use these tips to avoid scams and learn what to do if you think your Apple ID has been compromised.
- Beware of threat detection tools where the scan is free but when a “threat” is found, you suddenly have to pay.
- If in doubt, don’t rely on unknown web pages for advice. Seek out the help of a friend: someone whom you know, and like, and trust
- Treating the password requests with suspicion means, in some cases, canceling and entering the password in a known, good location.
- Use a real-time Mac threat protection product. Look for one that not only has an on-access virus scanner to prevent malware from running, but also has live web protection to stop you arriving at risky URLs in the first place.
- Don’t fall for offers of support (or threats of disconnection) that arrive unsolicited. If you didn’t ask for technical help, but it suddenly falls into your lap, just say, “No”.